tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r620030 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml
Date Fri, 08 Feb 2008 23:16:45 GMT
Author: markt
Date: Fri Feb  8 15:16:41 2008
New Revision: 620030

URL: http://svn.apache.org/viewvc?rev=620030&view=rev
Log:
Publish details of CVE-2007-5333

Modified:
    tomcat/site/trunk/docs/security-4.html
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-4.xml
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-4.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=620030&r1=620029&r2=620030&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-4.html (original)
+++ tomcat/site/trunk/docs/security-4.html Fri Feb  8 15:16:41 2008
@@ -3,19 +3,19 @@
 <html>
 <head>
 <title>Apache Tomcat - Apache Tomcat 4.x vulnerabilities</title>
-<meta name="author" value="Apache Tomcat Project"/>
-<meta name="email" value=""/>
-<link type="text/css" href="stylesheets/tomcat.css" rel="stylesheet"/>
-<link type="text/css" href="stylesheets/tomcat-printer.css" rel="stylesheet" media="print"/>
+<meta value="Apache Tomcat Project" name="author" />
+<meta value="" name="email" />
+<link rel="stylesheet" href="stylesheets/tomcat.css" type="text/css" />
+<link media="print" rel="stylesheet" href="stylesheets/tomcat-printer.css" type="text/css"
/>
 </head>
-<body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76">
-<table border="0" width="100%" cellspacing="0">
+<body vlink="#525D76" alink="#525D76" link="#525D76" text="#000000" bgcolor="#ffffff">
+<table cellspacing="0" width="100%" border="0">
 <!--PAGE HEADER-->
 <tr>
 <td>
 <!--PROJECT LOGO-->
 <a href="http://tomcat.apache.org/">
-<img src="./images/tomcat.gif" align="left" alt="Tomcat Logo" border="0"/>
+<img border="0" alt="Tomcat Logo" align="left" src="./images/tomcat.gif" />
 </a>
 </td>
 <td>
@@ -26,28 +26,28 @@
 <td>
 <!--APACHE LOGO-->
 <a href="http://www.apache.org/">
-<img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache Logo" border="0"/>
+<img border="0" alt="Apache Logo" align="right" src="http://www.apache.org/images/asf-logo.gif"
/>
 </a>
 </td>
 </tr>
 </table>
 <div class="searchbox noPrint">
-<form action="http://www.google.com/search" method="get">
-<input value="tomcat.apache.org" name="sitesearch" type="hidden"/>
-<input value="Search the Site" size="25" name="q" id="query" type="text"/>
-<input name="Search" value="Search Site" type="submit"/>
+<form method="get" action="http://www.google.com/search">
+<input type="hidden" name="sitesearch" value="tomcat.apache.org" />
+<input type="text" id="query" name="q" size="25" value="Search the Site" />
+<input type="submit" value="Search Site" name="Search" />
 </form>
 </div>
-<table border="0" width="100%" cellspacing="4">
+<table cellspacing="4" width="100%" border="0">
 <!--HEADER SEPARATOR-->
 <tr>
 <td colspan="2">
-<hr noshade="" size="1"/>
+<hr size="1" noshade="" />
 </td>
 </tr>
 <tr>
 <!--LEFT SIDE NAVIGATION-->
-<td width="20%" valign="top" nowrap="true" class="noPrint">
+<td class="noPrint" nowrap="true" valign="top" width="20%">
 <p>
 <strong>Apache Tomcat</strong>
 </p>
@@ -176,11 +176,11 @@
 </ul>
 </td>
 <!--RIGHT SIDE MAIN BODY-->
-<td width="80%" valign="top" align="left" id="mainBody">
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<td id="mainBody" align="left" valign="top" width="80%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Apache Tomcat 4.x vulnerabilities">
 <strong>Apache Tomcat 4.x vulnerabilities</strong>
 </a>
@@ -213,14 +213,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Will not be fixed in Apache Tomcat 4.1.x">
 <strong>Will not be fixed in Apache Tomcat 4.1.x</strong>
 </a>
@@ -253,14 +253,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 4.1.SVN for inclusion in next release">
 <strong>Fixed in Apache Tomcat 4.1.SVN for inclusion in next release</strong>
 </a>
@@ -369,6 +369,19 @@
     <p>Affects: 4.1.0-4.1.36</p>
 
     <p>
+<strong>low: Session hi-jacking</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333">
+       CVE-2007-5333</a>
+</p>
+
+    <p>The previous fix for
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
+       CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
+       or %5C within a cookie value.</p>
+
+    <p>Affects: 4.1.0-4.1.36</p>
+
+    <p>
 <strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
        CVE-2007-5461</a>
@@ -387,14 +400,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 4.1.36">
 <strong>Fixed in Apache Tomcat 4.1.36</strong>
 </a>
@@ -484,14 +497,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 4.1.32">
 <strong>Fixed in Apache Tomcat 4.1.32</strong>
 </a>
@@ -576,14 +589,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 4.1.29">
 <strong>Fixed in Apache Tomcat 4.1.29</strong>
 </a>
@@ -614,14 +627,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 4.1.13, 4.0.6">
 <strong>Fixed in Apache Tomcat 4.1.13, 4.0.6</strong>
 </a>
@@ -666,14 +679,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 4.1.12, 4.0.5">
 <strong>Fixed in Apache Tomcat 4.1.12, 4.0.5</strong>
 </a>
@@ -700,14 +713,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 4.1.3">
 <strong>Fixed in Apache Tomcat 4.1.3</strong>
 </a>
@@ -736,14 +749,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 4.1.0">
 <strong>Fixed in Apache Tomcat 4.1.0</strong>
 </a>
@@ -783,14 +796,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 4.0.2">
 <strong>Fixed in Apache Tomcat 4.0.2</strong>
 </a>
@@ -821,14 +834,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 4.0.0">
 <strong>Fixed in Apache Tomcat 4.0.0</strong>
 </a>
@@ -856,14 +869,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Unverified">
 <strong>Unverified</strong>
 </a>
@@ -880,7 +893,7 @@
        CVE-2005-4703</a>, 
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2008">
        CVE-2002-2008</a>
-<br/>
+<br />
 </p>
 
     <p>This issue only affects Windows operating systems. It can not be
@@ -896,7 +909,7 @@
 <strong>important: Denial of service</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1895">
        CVE-2002-1895</a>
-<br/>
+<br />
 </p>
 
     <p>This issue only affects configurations that use IIS in conjunction with
@@ -912,14 +925,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Not a vulnerability in Tomcat">
 <strong>Not a vulnerability in Tomcat</strong>
 </a>
@@ -948,7 +961,7 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
@@ -957,14 +970,14 @@
 <!--FOOTER SEPARATOR-->
 <tr>
 <td colspan="2">
-<hr noshade="" size="1"/>
+<hr size="1" noshade="" />
 </td>
 </tr>
 <!--PAGE FOOTER-->
 <tr>
 <td colspan="2">
 <div align="center">
-<font color="#525D76" size="-1">
+<font size="-1" color="#525D76">
 <em>
         Copyright © 1999-2007, The Apache Software Foundation
         </em>

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=620030&r1=620029&r2=620030&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Fri Feb  8 15:16:41 2008
@@ -3,19 +3,19 @@
 <html>
 <head>
 <title>Apache Tomcat - Apache Tomcat 5.x vulnerabilities</title>
-<meta name="author" value="Apache Tomcat Project"/>
-<meta name="email" value=""/>
-<link type="text/css" href="stylesheets/tomcat.css" rel="stylesheet"/>
-<link type="text/css" href="stylesheets/tomcat-printer.css" rel="stylesheet" media="print"/>
+<meta value="Apache Tomcat Project" name="author" />
+<meta value="" name="email" />
+<link rel="stylesheet" href="stylesheets/tomcat.css" type="text/css" />
+<link media="print" rel="stylesheet" href="stylesheets/tomcat-printer.css" type="text/css"
/>
 </head>
-<body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76">
-<table border="0" width="100%" cellspacing="0">
+<body vlink="#525D76" alink="#525D76" link="#525D76" text="#000000" bgcolor="#ffffff">
+<table cellspacing="0" width="100%" border="0">
 <!--PAGE HEADER-->
 <tr>
 <td>
 <!--PROJECT LOGO-->
 <a href="http://tomcat.apache.org/">
-<img src="./images/tomcat.gif" align="left" alt="Tomcat Logo" border="0"/>
+<img border="0" alt="Tomcat Logo" align="left" src="./images/tomcat.gif" />
 </a>
 </td>
 <td>
@@ -26,28 +26,28 @@
 <td>
 <!--APACHE LOGO-->
 <a href="http://www.apache.org/">
-<img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache Logo" border="0"/>
+<img border="0" alt="Apache Logo" align="right" src="http://www.apache.org/images/asf-logo.gif"
/>
 </a>
 </td>
 </tr>
 </table>
 <div class="searchbox noPrint">
-<form action="http://www.google.com/search" method="get">
-<input value="tomcat.apache.org" name="sitesearch" type="hidden"/>
-<input value="Search the Site" size="25" name="q" id="query" type="text"/>
-<input name="Search" value="Search Site" type="submit"/>
+<form method="get" action="http://www.google.com/search">
+<input type="hidden" name="sitesearch" value="tomcat.apache.org" />
+<input type="text" id="query" name="q" size="25" value="Search the Site" />
+<input type="submit" value="Search Site" name="Search" />
 </form>
 </div>
-<table border="0" width="100%" cellspacing="4">
+<table cellspacing="4" width="100%" border="0">
 <!--HEADER SEPARATOR-->
 <tr>
 <td colspan="2">
-<hr noshade="" size="1"/>
+<hr size="1" noshade="" />
 </td>
 </tr>
 <tr>
 <!--LEFT SIDE NAVIGATION-->
-<td width="20%" valign="top" nowrap="true" class="noPrint">
+<td class="noPrint" nowrap="true" valign="top" width="20%">
 <p>
 <strong>Apache Tomcat</strong>
 </p>
@@ -176,11 +176,11 @@
 </ul>
 </td>
 <!--RIGHT SIDE MAIN BODY-->
-<td width="80%" valign="top" align="left" id="mainBody">
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<td id="mainBody" align="left" valign="top" width="80%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Apache Tomcat 5.x vulnerabilities">
 <strong>Apache Tomcat 5.x vulnerabilities</strong>
 </a>
@@ -214,14 +214,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.26">
 <strong>Fixed in Apache Tomcat 5.5.26</strong>
 </a>
@@ -233,6 +233,19 @@
 <p>
 <blockquote>
     <p>
+<strong>low: Session hi-jacking</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333">
+       CVE-2007-5333</a>
+</p>
+
+    <p>The previous fix for
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
+       CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
+       or %5C within a cookie value.</p>
+
+    <p>Affects: 5.5.0-5.5.25</p>
+
+    <p>
 <strong>low: Elevated privileges</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342">
        CVE-2007-5342</a>
@@ -264,14 +277,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.25, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.25, 5.0.SVN</strong>
 </a>
@@ -353,14 +366,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.24, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.24, 5.0.SVN</strong>
 </a>
@@ -390,14 +403,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.23, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.23, 5.0.SVN</strong>
 </a>
@@ -432,14 +445,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.22, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.22, 5.0.SVN</strong>
 </a>
@@ -493,14 +506,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.21, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.21, 5.0.SVN</strong>
 </a>
@@ -533,14 +546,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.18, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.18, 5.0.SVN</strong>
 </a>
@@ -568,14 +581,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.17, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.17, 5.0.SVN</strong>
 </a>
@@ -603,14 +616,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.16, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.16, 5.0.SVN</strong>
 </a>
@@ -638,14 +651,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.13, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.13, 5.0.SVN</strong>
 </a>
@@ -693,14 +706,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 5.5.7, 5.0.SVN">
 <strong>Fixed in Apache Tomcat 5.5.7, 5.0.SVN</strong>
 </a>
@@ -728,14 +741,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Not a vulnerability in Tomcat">
 <strong>Not a vulnerability in Tomcat</strong>
 </a>
@@ -768,7 +781,7 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
@@ -777,14 +790,14 @@
 <!--FOOTER SEPARATOR-->
 <tr>
 <td colspan="2">
-<hr noshade="" size="1"/>
+<hr size="1" noshade="" />
 </td>
 </tr>
 <!--PAGE FOOTER-->
 <tr>
 <td colspan="2">
 <div align="center">
-<font color="#525D76" size="-1">
+<font size="-1" color="#525D76">
 <em>
         Copyright © 1999-2007, The Apache Software Foundation
         </em>

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=620030&r1=620029&r2=620030&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Feb  8 15:16:41 2008
@@ -3,19 +3,19 @@
 <html>
 <head>
 <title>Apache Tomcat - Apache Tomcat 6.x vulnerabilities</title>
-<meta name="author" value="Apache Tomcat Project"/>
-<meta name="email" value=""/>
-<link type="text/css" href="stylesheets/tomcat.css" rel="stylesheet"/>
-<link type="text/css" href="stylesheets/tomcat-printer.css" rel="stylesheet" media="print"/>
+<meta value="Apache Tomcat Project" name="author" />
+<meta value="" name="email" />
+<link rel="stylesheet" href="stylesheets/tomcat.css" type="text/css" />
+<link media="print" rel="stylesheet" href="stylesheets/tomcat-printer.css" type="text/css"
/>
 </head>
-<body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76">
-<table border="0" width="100%" cellspacing="0">
+<body vlink="#525D76" alink="#525D76" link="#525D76" text="#000000" bgcolor="#ffffff">
+<table cellspacing="0" width="100%" border="0">
 <!--PAGE HEADER-->
 <tr>
 <td>
 <!--PROJECT LOGO-->
 <a href="http://tomcat.apache.org/">
-<img src="./images/tomcat.gif" align="left" alt="Tomcat Logo" border="0"/>
+<img border="0" alt="Tomcat Logo" align="left" src="./images/tomcat.gif" />
 </a>
 </td>
 <td>
@@ -26,28 +26,28 @@
 <td>
 <!--APACHE LOGO-->
 <a href="http://www.apache.org/">
-<img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache Logo" border="0"/>
+<img border="0" alt="Apache Logo" align="right" src="http://www.apache.org/images/asf-logo.gif"
/>
 </a>
 </td>
 </tr>
 </table>
 <div class="searchbox noPrint">
-<form action="http://www.google.com/search" method="get">
-<input value="tomcat.apache.org" name="sitesearch" type="hidden"/>
-<input value="Search the Site" size="25" name="q" id="query" type="text"/>
-<input name="Search" value="Search Site" type="submit"/>
+<form method="get" action="http://www.google.com/search">
+<input type="hidden" name="sitesearch" value="tomcat.apache.org" />
+<input type="text" id="query" name="q" size="25" value="Search the Site" />
+<input type="submit" value="Search Site" name="Search" />
 </form>
 </div>
-<table border="0" width="100%" cellspacing="4">
+<table cellspacing="4" width="100%" border="0">
 <!--HEADER SEPARATOR-->
 <tr>
 <td colspan="2">
-<hr noshade="" size="1"/>
+<hr size="1" noshade="" />
 </td>
 </tr>
 <tr>
 <!--LEFT SIDE NAVIGATION-->
-<td width="20%" valign="top" nowrap="true" class="noPrint">
+<td class="noPrint" nowrap="true" valign="top" width="20%">
 <p>
 <strong>Apache Tomcat</strong>
 </p>
@@ -176,11 +176,11 @@
 </ul>
 </td>
 <!--RIGHT SIDE MAIN BODY-->
-<td width="80%" valign="top" align="left" id="mainBody">
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<td id="mainBody" align="left" valign="top" width="80%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Apache Tomcat 6.x vulnerabilities">
 <strong>Apache Tomcat 6.x vulnerabilities</strong>
 </a>
@@ -208,14 +208,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.16">
 <strong>Fixed in Apache Tomcat 6.0.16</strong>
 </a>
@@ -227,6 +227,19 @@
 <p>
 <blockquote>
     <p>
+<strong>low: Session hi-jacking</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333">
+       CVE-2007-5333</a>
+</p>
+
+    <p>The previous fix for
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
+       CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
+       or %5C within a cookie value.</p>
+
+    <p>Affects: 6.0.0-6.0.14</p>
+
+    <p>
 <strong>low: Elevated privileges</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342">
        CVE-2007-5342</a>
@@ -272,14 +285,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.14">
 <strong>Fixed in Apache Tomcat 6.0.14</strong>
 </a>
@@ -361,14 +374,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.11">
 <strong>Fixed in Apache Tomcat 6.0.11</strong>
 </a>
@@ -416,14 +429,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.10">
 <strong>Fixed in Apache Tomcat 6.0.10</strong>
 </a>
@@ -472,14 +485,14 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<table width="100%" cellpadding="2" cellspacing="0" border="0">
 <tr>
 <td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
+<font face="arial,helvetica,sanserif" color="#ffffff">
 <a name="Fixed in Apache Tomcat 6.0.6">
 <strong>Fixed in Apache Tomcat 6.0.6</strong>
 </a>
@@ -512,7 +525,7 @@
 </tr>
 <tr>
 <td>
-<br/>
+<br />
 </td>
 </tr>
 </table>
@@ -521,14 +534,14 @@
 <!--FOOTER SEPARATOR-->
 <tr>
 <td colspan="2">
-<hr noshade="" size="1"/>
+<hr size="1" noshade="" />
 </td>
 </tr>
 <!--PAGE FOOTER-->
 <tr>
 <td colspan="2">
 <div align="center">
-<font color="#525D76" size="-1">
+<font size="-1" color="#525D76">
 <em>
         Copyright © 1999-2007, The Apache Software Foundation
         </em>

Modified: tomcat/site/trunk/xdocs/security-4.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=620030&r1=620029&r2=620030&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-4.xml (original)
+++ tomcat/site/trunk/xdocs/security-4.xml Fri Feb  8 15:16:41 2008
@@ -128,6 +128,17 @@
 
     <p>Affects: 4.1.0-4.1.36</p>
 
+    <p><strong>low: Session hi-jacking</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333">
+       CVE-2007-5333</a></p>
+
+    <p>The previous fix for
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
+       CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
+       or %5C within a cookie value.</p>
+
+    <p>Affects: 4.1.0-4.1.36</p>
+
     <p><strong>important: Information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461">
        CVE-2007-5461</a></p>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=620030&r1=620029&r2=620030&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Fri Feb  8 15:16:41 2008
@@ -29,6 +29,17 @@
   </section>
 
   <section name="Fixed in Apache Tomcat 5.5.26">
+    <p><strong>low: Session hi-jacking</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333">
+       CVE-2007-5333</a></p>
+
+    <p>The previous fix for
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
+       CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
+       or %5C within a cookie value.</p>
+
+    <p>Affects: 5.5.0-5.5.25</p>
+
     <p><strong>low: Elevated privileges</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342">
        CVE-2007-5342</a></p>

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=620030&r1=620029&r2=620030&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Fri Feb  8 15:16:41 2008
@@ -23,6 +23,17 @@
   </section>
 
   <section name="Fixed in Apache Tomcat 6.0.16">
+    <p><strong>low: Session hi-jacking</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333">
+       CVE-2007-5333</a></p>
+
+    <p>The previous fix for
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385">
+       CVE-2007-3385</a> was incomplete. It did not consider the use of quotes
+       or %5C within a cookie value.</p>
+
+    <p>Affects: 6.0.0-6.0.14</p>
+
     <p><strong>low: Elevated privileges</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342">
        CVE-2007-5342</a></p>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message